Riemen Solution Pvt Ltd

IT Acceptable Use Policy

Document Name: Riemen IT Policy Year of Creation of Work: 2019

Category: Internal Full Date of Publication: 10-Mar-2019

This document provides details about

Description: Reviewed by: Legal Team & IT Team
Acceptable Usage policy & guidelines

Author: IT Compliance Approved by: Ankit Gupta

1|Page IT NDA Document

 Index
I. Purpose
II. Scope
III. Objective
IV. Acceptable Use Policy
V. Right to monitor
VI. Exceptions
VII. Policy Compliance, Enforcement and Violations

2|Page IT NDA Document

1. Purpose –
The purpose of this policy is to enable end users to understand the security requirements
and policies to be followed for the day-today computing activities. It is aimed at providing
preventive / corrective measures to be taken to minimize the risks arising out of computing
resources used by end users.
2. Scope –
This policy is applicable to all systems, and information processing facilities, all Riemen
Solution Pvt Ltd & its affiliate referred to as “Company” hereafter employees, and other
personnel (contractors, third parties, trainees, etc.) having access to company’s information
assets.
3. Objective –
The objective of this policy is to define the acceptable usage of internet, intranet, e-mails,
systems, storage Media, operating systems, application software and business information
of the company.
4. Acceptable Usages Policy –

4.1 – Acceptable Usage Policy Statements

• Users shall utilize Company’s information resources for business purposes for which
they have been authorized. Usage of Company’s information systems and resources
for personal or by any external personnel (i.e. family member, political or religious or
charitable or school organization, etc.) is strictly prohibited.
• Introduction of unauthorized software & hardware (piracy/copyright & patent
infringement) to Company’s information resources and copying of such material is
strictly prohibited.
• The storage, processing, or transmission of unauthorized copies of licensed software
& hardware (piracy/copyright & patent infringement), by Company personnel is
strictly prohibited.
• Introduction of freeware and shareware software whether downloaded from the
Internet or obtained through any other media to Riemen Solutions Pvt Ltd & its
Affiliates information systems shall be subject to a formal evaluation and approval
process.

3|Page IT NDA Document

 • Freeware and shareware applications shall be evaluated and tested by the respective
Department and the business owners before installation on Company’s Information
Resources as permitted.
• Usage of Company’s information systems to store, process, download, or transmit
data that can be construed as biased (politically, religiously, racially, ethnically, etc.)
or supportive of harassment is strictly prohibited.
• Downloading, redistribution and printing of copyrighted articles, documents, or
other copyrighted materials to Company’s information systems are strictly
prohibited. Company is not responsible for such information and resulting legal
actions.
• Receiving, printing, transmitting, or otherwise disseminating proprietary data,
company secrets, or other confidential information in violation of company policy or
proprietary agreements is strictly prohibited.
• Downloading inappropriate material such as picture files, music files, or video files
for personal use is strictly prohibited.
• Introduction of pornographic material into any Company’s systems environment is
strictly prohibited. The storage, processing, or transmittal of pornographic material
on Company’s information systems, by Company’s employees, contractors or
associates is strictly prohibited and shall be dealt with strict disciplinary actions as
per the laws of the land.
• Each user has the responsibility to notify the respective department heads and the
Infosec team members immediately of any evidence of, or suspicion of any security
violation.
• Each user has the responsibility to prevent unauthorized access, including viewing of
information resources in his possession or control.
• Each user is responsible for prohibiting access by relatives, friends & neighbors, and
unknown visitors to the information resources in his/her possession or control
• Games are not permitted and shall be removed from all systems.
• Introduction of destructive programs (e.g., viruses, self-replicating code) to cause
intentional damage, interfere with others, gain unauthorized access, or inhibit
production to Company’s information systems is strictly prohibited.
• The Read/Write removable media specified in this policy include, but are not limited
to:
o Compact Disks (CD) and Digital Versatile Video (DVD)
o USB devices
o Compact Flash Cards
o Secure Digital Cards

4|Page IT NDA Document

 o Smart Media Cards
o Memory Stick
• All media shall be stored in a secured, safe environment in accordance with
manufacturer’s specification.
• Users are not allowed to remove media and move it out of Company’s premises
without prior authorization. Once approved, all media should be properly registered
before removal to avoid data loss.
• All Read only and Read/Write removable media shall be disabled by default for all.
Company’s users shall be authorized to use Read only and Read/Write removable
media after Proper authorization. Authorized users shall ensure that the media is
stored securely based on the criticality of information stored on the media.
• A request shall be logged to obtain authorization for use of removable media. The
request shall clearly state the business needs.
• The usage of such media shall be strictly for professional purposes and users must
comply with the terms of the Company’s policies. Any breach in these terms shall
make the user subject to a disciplinary process.
• The contents of any re-usable media that are to be removed from the organization
should be made unrecoverable, when no longer required in accordance with the
asset disposal policy.

4.2 Acceptable Usage Do’s & Don’ts

Do’s Don’ts
• Use accesses for valid business purposes only • Use company resources for personal purposes
• Send company data/IP to personal email ID’s unless
• Keep activity to least privilege and need to know
authorized Copy company data/IP to personal drives,
basis
systems etc.
• Use company resources to access, download, or
distribute pornographic, obscene, defamatory,
• Visit authorized websites for business purposes only
discriminatory, harassing, or other inappropriate
materials of any kind
• Use company resources to download, store or
• Take approvals in case access to restricted sites are transmit materials that infringe any copyright,
required for business purposes trademark, licensing agreement, or other proprietary
right Circumvent security controls
• Follow clear desk and clear screen practices
• Follow security protocols

5|Page IT NDA Document

5. Remote Surveillance
The information and computing resources allocated to users are the property of Company
and Company reserves the right to monitor the activities of the users on these facilities and
audit systems and networks to ensure compliance with this policy.
This also includes monitoring Internet and Intranet access, email, and email attachments,
chats/Instant Messaging (IM) where it is appropriate and legal to do so.
Upon detection of any suspicious/abnormal activity, Company reserves the right to
investigate.
6. Exceptions –
Exceptions if any to this policy shall be explicitly reviewed and approved by the Infosec team
of the company ([email protected]). The exceptions if any shall be approved
and valid for a specific time and shall be reassessed and re-approved if necessary.
7. Policy Compliance, Enforcement and Violations –

• If users are unsure or not clear about anything in this policy, they should seek
clarification or advice from the Management Representatives.
• Violations of this policy and supporting procedures shall result in corrective action by
Management. Disciplinary action shall be consistent with the severity of the violation
as determined by an investigation and may include, but may not be limited to:
• Issuance of warning letter to the employees detailing the violations and
consequences of his actions and a reply from the employee
• Loss of access privileges to information assets
• Termination of employment / contract
• Other actions as deemed appropriate by Management, HR & Legal department as
per the disciplinary actions policy of Company.

6|Page IT NDA Document

8. Acknowledgement –
I hereby acknowledge that I have read Company’s IT Acceptable Use Policy and I agree to
adhere to all the terms in this policy.
I will take all precautions to ensure confidentiality, non-disclosure, and protection of all non-
public information of Company always. Any violation may lead to disciplinary or legal actions
not limited to termination.

Employee ID: _____________________________________

Employee Name: ___________________________________
AM/Manager Name: ___________________________________
Department Head Name: ________________
Department/Function: ______________________________
Location: ________________________________________
Signature: _______________________________________

7|Page IT NDA Document